PHP-rnet – a PHP extension that mimics real browser TLS fingerprints

takielias · 3 hours ago · view on HN
0 net
I built this after repeatedly hitting bot protection while making HTTP requests from PHP.

Even when copying Chrome headers exactly, some sites still blocked the request.

It turns out many modern bot detection systems fingerprint clients using the TLS handshake rather than HTTP headers.

Most PHP HTTP clients rely on libcurl, which means their TLS fingerprint always looks like curl. This makes them easy to detect.

So I built php-rnet, a PHP extension that can impersonate real browsers at the TLS and HTTP/2 level.

It is built using Rust networking libraries (wreq + BoringSSL) and supports many browser profiles including Chrome, Firefox, Safari, Edge, and OkHttp.

Example:

$b = new RNet\ClientBuilder(); $b->impersonate(RNet\Emulation::CHROME_136); $client = $b->build();

$resp = $client->get("https://tls.browserleaks.com/json");

To the server this request looks like it came from Chrome.

Blog post explaining the project: https://tasli.netlify.app/blog/posts/php-requests-dont-look-like-browsers

GitHub repo: https://github.com/takielias/php-rnet

Curious to hear thoughts from others who have worked with TLS fingerprinting or bot detection.

← Back to stories